16 matches found
CVE-2026-2354
The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the uploadextensionfiles function in all versions up to, and including, 1.4.6. The uploadextensionfiles function hooks into WordPress's wpcheckfiletypeandext filter...
CVE-2026-46400 HAXCMS PHP has a File Upload Validation Bypass
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions using a regex pattern without checking the actual file content or MIME type. This allows attacker...
PT-2026-30677
The whisperX API is a tool for enhancing and analyzing audio content. From 0.3.1 to 0.5.0, FileService.download from url in app/services/file service.py calls requests.geturl with zero URL validation. The file extension check occurs AFTER the HTTP request is already made, and can be bypassed by...
CVE-2026-34577 Postiz: Unauthenticated Full-Read SSRF via /public/stream Endpoint with Trivially Bypassable Extension Check
Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the GET /public/stream endpoint in PublicController accepts a user-supplied url query parameter and proxies the full HTTP response back to the caller. The only validation is url.endsWith'mp4', which is trivially bypassable by...
CVE-2026-33691
The CVE-2026-33691 issue affects OWASP CRS prior to versions 3.3.9 and 4.25.0, where whitespace padding in filenames bypasses the file-extension checks for dangerous extensions (.php, .phar, .jsp, .jspx) because the extension regex is not applied after normalizing whitespace. The vulnerability is...
File Upload(RCE) Vulnerability in admidio
Summary A critical unrestricted file upload vulnerability exists in the Documents & Files module of Admidio. Due to a design flaw in how CSRF token validation and file extension verification interact within UploadHandlerFile.php, an authenticated user with upload permissions can bypass file...
PYSEC-2025-102
Local File Inclusion in dagster.grpc.impl.getnotebookdata in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebookpath field of ExternalNotebookData requests, bypassing the intended extension-based check...
VulnCheck KEV: CVE-2022-46604
An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution...
DNN File Upload Vulnerability
DNN formerly DotNetNuke through 9.4.4 has a File upload vulnerability via bypassing client-side file extension check...
CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2017-36501)
CMS Made Simple CMSMS is an open source content management system CMS developed by the CMSMS team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A security vulnerability exists in the...
CVE-2017-1000002
ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in...
CVE-2017-1000002
CVE-2017-1000002 affects ATutor
File upload vulnerability in semcms shqk_Admin/SEMCMS_Upfile.php file
SemCms is a set of open source foreign trade enterprise website management system, mainly used for foreign trade enterprises, compatible with IE, Firefox and other mainstream browsers.SemCms php version written in php language, combined with apache, in window, or linux system to run. Semcms...
PaKnPost Pro 1.14 - Multiple Vulnerabilities
Exploit Title: PaKnPost Pro Arbitrary File Upload & Remote Code Execution Date: 2016-07-06 Product: PaKnPost Pro Vendor Homepage: http://www.paknpost.org Software Link: https://sourceforge.net/projects/paknpost/ Version: =1.14 Tested on: Windows, Linux Exploit Authors: Edvin Rustemagic, Grega...
CVE-2016-1183
NTT Data TERASOLUNA Server Framework for JavaWEB 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname...
PT-2001-2499 · Texas Imperial · Wftpd
Name of the Vulnerable Software and Affected Versions: WFTPD version 3.00 Description: The issue allows remote attackers to read arbitrary files by uploading a file that ends in a ".lnk" extension, which bypasses WFTPD's check for a ".lnk" extension. Recommendations: For WFTPD version 3.00,...